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DETAILED ACTION 

This Office Action is in response to an Amendment filed March 12, 2008. Claims 1-20,22-24 are 
currently pending, of which claims 22-24 are new. Any rejection not set forth below has been overcome 
by the current Amendment. 

Claim Rejections - 35 USC § 112 

1 . The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claim 23 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to 
particularly point out and distinctly claim the subject matter which applicant regards as the invention. 

It is not clear when the host object was authenticated. In claim 1 , it is not specifically mentioned 
that the Mobile Node was ever authenticated using the layer 2 information, so it is not clear how an 
orphaned host object can be generated. As an additional note, did the Applicant mean to generate an 
orphaned host object or an unorphaned host object after the authentication. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-2,4,9,14-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Drams et 
al. ("RADIUS Attributes Sub-option for the DHCP Relay Agent Information Option"), herein referred to as 
Droms further in view of Applicants Admitted Prior Art, herein referred to as AAPA. 

As per claims 1,14-16, Droms discloses a method for performing layer 2 authentication of a 
Mobile Node supporting Mobile IP, as claimed, comprising: 



Application/Control Number: 10/672,857 Page 3 

Art Unit: 2153 

obtaining layer 2 information including at least one of a MAC address or a username associated 
with the Mobile Node (see top of page 2, "access point can authenticate the identity of the user of a 
device before providing layer 2 network access", where the identity of the user is considered the layer 2 
information and further describing how authentication credentials are exchanged with a network access 
device, and page 4, second paragraph below "DHCP Relay Agent Behavior", describing the layer 2 
information as User-Name, Calling-Stations-ID and Class attributes); 

generating an orphaned host object including the layer 2 information (see top of page 2, where 
the orphaned object is considered the mobile node awaiting the authentication of the layer 2 information); 

unorphaning the orphaned host object when an IP address associated with the layer 2 
information is received such that the unorphaned host object includes the IP address and the layer 2 
information (see page 1 , "Abstract", discussing how an IP address is associated with layer 2 information 
after authentication, and the unorphaned host is considered the authenticated mobile node with IP 
address), wherein the IP address associated with the layer 2 information is received without performing 
layer 3 authentication of the Mobile Node, thereby enabling layer 3 policies to be enforced without 
performing layer 3 authentication of the Mobile Node (see page 4, "DHCP Server Behavior", discussing 
how the DHCP server receives RADIUS attributes, (i.e. the layer 2 information) and uses that to configure 
the client, implying that layer 3 authentication is not performed since the layer 2 information was already 
authenticated with user name and credentials); and 

providing access to services based upon the IP address of the unorphaned host object (e.g. 
mobile node is authenticated by layer 2 and receives an IP address so that services can be offered to the 
mobile node from the network it is connected to). 

Although the system disclosed by Droms shows substantial features of the claimed invention 
(discussed above), it fails to disclose that the method is performed in an SSG based network. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Droms, as evidenced by AAPA. 

In an analogous art, AAPA discloses how various systems can be used for authentication of a 
Mobile Node. For instance a service selection gateway (SSG) (see Specification page 4, lines 13-16). 
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Given the teaching of AAPA, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Droms by employing an SSG based network, 
such as disclosed by AAPA, in order to take advantage of SESM solutions such as authentication of the 
user, policy enforcement, etc. 

As per claim 2, Droms further discloses obtaining a username associated with the Mobile Node; 

wherein the orphaned host object includes the username associated with the mobile node (see 
page 4, second paragraph below "DHCP Relay Agent Behavior"). 

As per claim 4, Droms further discloses that unorphaning the orphaned host object comprises: 

receiving a packet including the IP address and the layer 2 information; and updating the 
orphaned host object to include the IP address, thereby generating an unorphaned host object (see 
discussion above regarding how the RADIUS server provides the layer 2 authentication and allows a 
DHCP server to select an IP address for the network device, thereby unorphaning the host object). 

As per claim 9, Droms further discloses an IP address of a network device from which the packet 
was received, the method further comprising: 

maintaining a mapping between the IP address of the network device and the IP address of the 
Mobile Node such that a mapping of one or more Mobile Nodes supported by the network device is 
maintained (see top of page 2, describing how a network element using 802. 1x is mapped to a DHCP 
server (i.e. IP address)). 

As per claim 17, Droms further discloses enforcing layer 3 policies based upon the layer 2 
authentication of the Mobile Node (see Abstract, where IP address authentication by layer 2 
authentication implies layer 3 policy). 

As per claim 18, Droms further discloses enforcing layer 3 policies without performing layer 3 
authentication (see Abstract, discussing how layer 2 authentication is used in conjunction with an IP 
address to give access to the network). 

As per claim 19, Droms further discloses enforcing layer 3 policies by accessing the unorphaned 
host object (see Abstract, wherein once the layer 2 attributes from the RADIUS server are received by the 
DHCP server and an IP address is assigned based on the layer 2 authentication, the host object is 



Application/Control Number: 10/672,857 Page 5 

Art Unit: 2153 

unorphaned and layer 3 policies are enforced because there is an IP address that has already been 
authenticated using layer 2). 

As per claim 20, Droms further discloses enforcing layer 3 policies based upon the IP address of 
the unorphaned host object (see discussion for claim 19). 

As per claims 22,24, AAPA further discloses that it is old and well known to authenticate using an 
EAP-SIM protocol (see AAPA Specification page 5, lines 6-9). Furthermore, since Droms teaches a 
mechanism for providing authenticated layer 2 network access while providing layer 3 policies (i.e. IP 
address), it would be obvious to use a protocol such as EAP-SIM). 

As per claim 23, Droms further discloses authenticating the Mobile Node using the layer 2 
information; 

wherein generating an orphaned host object including the layer 2 information is performed after 
the Mobile Node has been authenticated using the layer 2 information (see page 4, "5. DHCP Server 
Behavior", showing that after layer 2 information is authenticated, the configuration parameters for the 
client are selected implying a generation of the host object). 

3. Claims 3,5-8,10-13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Droms in 
view of AAPA as applied to claim 1 above, and further in view of Livingston ("RADIUS Accounting"). 

As per claim 3, Droms discloses receiving the layer 2 information in an access request packet 
(see page 2, Figure 1 , and page top of page 2, describing the layer 2 information that is passed on for 
authentication); 

wherein generating the orphaned host object is performed when an access accept packet is 
received indicating the Mobile Node associated with the layer 2 information (see page 2, Figure 1 [4], and 
page 4, "5. DHCP Server Behavior"). 

Although the system disclosed by Droms shows substantial features of the claimed invention 
(discussed above), it fails to disclose being authenticated by a AAA server. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Droms, as evidenced by Livingston. 



Application/Control Number: 10/672,857 Page 6 

Art Unit: 2153 

In an analogous art, Livingston discloses the accountability options for the RADIUS protocol (see 
second paragraph below "1 . Introduction") and using an AAA server for authentication (see page 2, "1 . 
Introduction" describing authentication, authorization and accounting services that the RADIUS 
Accounting service provides). 

Given the teaching of Livingston, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Droms by employing an AAA server, such as 
disclosed by Livingston, in order to managing a single database of users which allows for authentication 
as well as configuration information detailing the type of service to deliver the user. 

As per claim 5, Droms in view of Livingston discloses receiving an ACCT start packet (see 
Livingston page 4, paragraph 1 , describing a start packet) including the IP address and the layer 2 
information (see Droms Page 4, second paragraph below "4. DHCP Relay Agent Behavior" and "5. DHCP 
Server Behavior"). 

As per claims 6,7,8,10, Livingston further renders obvious receiving an ACCT stop packet 
including the IP address (see page 3, "2. Operation", describing an ACCT stop packet describing type of 
service that was delivered and input and output packets implying an IP address within the packets). 

In considering deleting the unorphaned host object when the ACCT stop packet is received, it 
would have been an obvious modification to eliminate an element and its function according to In re 
Karlson, 311 F.2d 581, 583, 136 USPQ 184, 186 (CCPA 1963); In re Kuhle, 526 F.2d 553, 188 USPQ 7 
(CCPA 1975). It would be advantageous to delete the unorphaned host object in order to prevent 
someone else from maliciously using session information and deleting the unorphaned host would not 
take away from the functionality of the RADIUS server since the unorphaned host is no longer needed. 

As per claim 1 1 , Livingston further renders obvious receiving a packet including the IP address of 
the network device that indicates that the network device is not functioning (see page 1 1 , "5.1 Acct- 
Status-Type", showing that an accounting off packet can be sent to mark the end of accounting (i.e. 
reboot = not functioning because it is off)); and 
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deleting the unorphaned host object or orphaning a host object for each of the Mobile Nodes 
supported by the network device (see discussion above regarding the obviousness for removing an 
element and its function because it is no long needed since the device is not functioning). 

As per claim 12, Livingston further renders obvious that the packet including the IP address of the 
network device that indicates that the network device is not functioning is an ACCT-OFF packet (see 
page 1 1 , "5.1 Acct-Status-Type", showing that an accounting off packet can be sent to mark the end of 
accounting). 

As per claim 13, Livingston further renders obvious that the IP address of the network device that 
indicates that the network device is not functioning is an ACCT-ON packet (see page 1 1 , "5.1 Acct- 
Status-Type", showing that an accounting on packet can be sent upon booting). Considering that the 
RADIUS protocol is used and the device is not functioning, it would have been obvious to a person having 
ordinary skill in the art that when the device is not functioning a reboot would try and correct the problem 
and then the device would send out an ACCT-ON packet in order to inform the RADIUS protocol it is 
ready to accept incoming connections. 

Response to Arguments 

4. Applicant's arguments filed March 12, 2008 have been fully considered but they are not 
persuasive. 

A) Applicant contends that Droms does not disclose generating an orphaned host object or 
that an orphaned host object maybe unorphaned. 

In considering A), the Examiner respectfully disagrees. Applicants specification suggests 
that an orphaned object is generated with layer 2 information (see page 7, lines 9-1 1 ). Droms 
shows that layer 2 information is obtained and waits for authentication from a server. The 
Examiner believes the communication of the layer 2 information is considered the orphaned 
object. That is, a request with user name and other credentials (i.e. message object) awaits to be 
authenticated so it is currently orphaned (see top of page 2, "access point can authenticate the 



Application/Control Number: 10/672,857 Page 8 

Art Unit: 2153 

identity of the user of a device before providing layer 2 network access", where the identity of the 
user is considered the layer 2 information and further describing how authentication credentials 
are exchanged with a network access device, and page 4, second paragraph below "DHCP 
Relay Agent Behavior", describing the layer 2 information as User-Name, Calling-Stations-ID and 
Class attributes). In considering the orphaned host becoming unorphaned, Droms discloses 
authenticating the layer 2 mobile node and giving it an IP address (see page 1 , "Abstract", 
discussing how an IP address is associated with layer 2 information after authentication, and the 
unorphaned host is considered the authenticated mobile node with IP address). Applicants 
specification suggests that an orphaned object is unorphaned when an IP address is associated 
with the layer 2 information (see page 7, lines 11-14). Therefore, Droms meets the claimed 
limitation because layer 2 information is associated with an IP address given from a DHCP 
server. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to PHILIP J. CHEA whose telephone number is (571 )272-3951 . The examiner can normally 
be reached on M-F 6:30-4:00 (1st Friday Off). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Glenn Burgess can be reached on 571-272-3949. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 

/Glenton B. Burgess/ Philip J Chea 

Supervisory Patent Examiner, Art Unit 2153 Examiner 

Art Unit 2153 
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